To add a bit of context: brokerages like Robinhood send buy/sell orders to national exchanges and to private trading firms e.g. high-frequency traders. Private firms provide price improvement: orders that execute at prices better than the national exchange. All brokerages have a duty of best execution, including a duty of price improvement. Brokerages can also receive payment for order flow from private firms, as long as it does not interfere with best execution. However, "Robinhood explicitly offered to accept less price improvement for its customers... in exchange for receiving a higher payment for order flow," which is illegal.
In order words: if I want to buy something that costs 100, the broker is free to get me a price of 95, but they were colluding with the players able to offer this discount to offer me 97 instead and pocket the extra 2, something like that?
There is a notional standard "best price", the NBBO, that a broker-dealer has to meet; you can't take payment to route an order somewhere that doesn't meet the NBBO.
But the NBBO captures pricing from all kinds of traders. Retail traders are cheaper to trade with than institutional traders, because retail traders aren't moving gigantic blocks of stock that are going to blow up the market makers that are facilitating the trading.
Everybody knows that retail traders are cheaper to trade with, and everybody knows where the retail trades come from: the retail broker-dealers. So market makers cut deals with retail broker-dealers: they chop up the cost savings between themselves and their customers, who get prices below the NBBO. That's called "price improvement".
What happened here is that Robinhood claimed in its marketing to be obtaining the best available prices for its customers. But it wasn't living up to that claim. Its upstream market makers made it clear to them that they could get more price improvement for their customers, if they took less in PFOF rebates.
The SEC filing suggests that Robinhood was offered 80/20 price-improvement/rebate, and instead took 20/80. The two big problems here: first, 20/80 is worse than other retail brokerages (virtually all of which do PFOF, because none of them are especially competent at actually executing trades) --- even if you factor in the lack of trading fees, and second, Robinhood had claimed in its own marketing that they did the opposite.
I work at a market maker, and what you say is mostly correct. However, I would like to add that retail customers get better prices not primarily because they move less volume (though this is certainly a factor), but because their order flow is significantly less toxic. Retail traders don't really know anything and their order flow contains less alpha, so market makers can quote better prices to them without getting run over.
It's very important for market makers to separate out order flows and assign a toxicity to each flow. This way, they can provide tighter spreads and better execution on less toxic flows while being a little looser for highly toxic institutional flows.
So roughly, the idea is that if I’m smart money (say a big hedge fund or institutional trader), behind any of my trades is an implication that I know something worthwhile. So my trades will move the market, and this can leave market makers holding the bag if prices move quickly.
But if I‘m the proverbial dentist, my trades are just noise that don’t signal anything real about the market. I can get better execution because market makers aren’t worried about my trades moving the price out from under them.
Although Im sure the improvement isnt that significant per trade, is it worth trying to game this to lower my toxicity, i.e. use odd lots, break up my trade etc?
You are putting it almost exactly how Matt Levine puts it.
I would just sneak in the point that, to my understanding --- and the previous commenter would know better than I do --- one of the big information advantages institutional traders have is simply the knowledge that their order is the first of 1000 identical orders they're about to follow up with.
Yes, this is also a good point. Retail trades are more likely to express real demand. When a retail traders puts in an order for 135 shares, say, it's most likely that's an accurate and complete signal of that traders intentions: they are looking to buy 135 shares. For institutional players, it could be an iceberg order: once the 135 shares are filled, the refill the order with another 135, again and again. So the actual orders they submit are less representative of their actual intent, making handling their trades much more risky.
What's the specific risk when handling these trades? Is it that the quoted price should be higher, given that there is more demand than there seems to be?
If that's the risk, though, it's not a risk of loosing money you have, but rather a risk of not making as much money as you could by selling at a higher price, right?
So let's say I'm quoting a tight spread and a small buy order comes in and I get hit. No problem. I don't adjust my quotes because that small of order will not impact the price. But now more orders are coming in from the same institution, buying more and more (basically one big meta-order broken up into small orders so as to conceal intent). If I don't realize that all of these small orders are from the same institution and that they actually represent one big order, I will probably lose money because I am treating each order in isolation. Everytime I sell to the buyer, the price goes up, making me lose money because my spread is too tight and I haven't identified the true intent of the buyer. Every time I sell, I am increasing my short exposure to the asset/derivative, so if the price moves up (against me), I am in a very real sense losing money.
If I can identify the meta order, I can shift my quotes up in order to compensate for the price impact all these small orders are going to have (remember, though they are individually small, they actually represent one big order).
So basically, market making is a game of predicting the short term future price of a security, and quoting buy/sell offers at appropriate levels. The less volatile and less toxic and more liquid a market is, the tighter I can quote. The more volatile and toxic a market is (and less liquid), the looser my spread must be. Remember that I'm not trying to make money on the directional moves of an asset (I'm trying to be "delta neutral"), but rather profit off of the bid-ask spread. My goal is to turn over inventory as quickly as possible (ideally buying and selling at the same exact time).
So if someone's buying a stock, the market maker actually takes a short position to make it available to the buyer? I was under the impression that market makers are just connecting market and limit orders with each other, is that not the case?
It's really complicated and I don't want to go into too much detail, but no, a market maker isn't "connecting" limit orders. A market maker is a market participant, just like me or you (well, sort of). They buy things and sell things, they don't have magical powers.
People get confused, but most hft firms utilize market making strategies. A market maker is just someone who puts limit orders on the book (making) vs taking liquidity off of the book (takeout). Anyone can be a market maker, and many firms do both market making and taking.
No, the exchange already matches a buy at market order to the best limit sell. A market maker is who is filling up the order books with offers to buy and sell at different prices under the hope that a regular trader will come in later with a trade the other direction at a better price.
FWIW InteractiveBrokers, in their Pro accounts (the one you pay albeit very low commission fees for) doesn't accept payment for order flow. Their Lite accounts (the one they launched to compete with RobinHood) do accept PFOF. [1, 2]
Makes sense, I'm just shilling; I like IBKR. Not, you know, their app or website. Their order execution, margin rates and other features (debit card, bill pay) are really solid.
I haven't check it honestly, I don't really trade equities - I mostly sell equity options and index futures options. I use IBKR because of their low margin rates (1.25% for a 300K margin loan at the moment), their low commissions and their generous portfolio margin allowances.
Depends on the size of your account and how you trade, and what you're looking to get out of it.
If you have an account value of over $110,000 IBKR will offer you the industry's lowest margin rates (as low as 0.75%, tax deductible) and very competitive order pricing, without PFOF. Of course with a substantial account you can ask any of them to match IBKR margin rates and they likely will.
I sell a lot of margin-secured put options for passive income, and having a 15% portfolio margin maintenance requirement gives me a lot of headroom -- not that I'd ever max it out, I just don't want to be anywhere close. Further the margin impact of out of the money options is also calculated generously.
They also offer access to basically any product in any market anywhere in the world. I sell index futures options in the US for instance, but if you want to trade on Canadian, European, Australian or Asian exchanges, it's just a button click away.
You can also practice tax-aware borrowing and use their debit card to make purchases against your margin, and also, they offer bill pay which works against your margin balance too. My personal economy involves holding a 6-month cash buffer in my bank account, and investing anything that comes in - and borrowing against it to pay bills. Then, I use the proceeds from my short-term options trades, and dividends from my longer-term positions, to pay them off.
I bought a house last year and long story short ended up not selling my condo, meaning to close I needed to not sell a chunk of my investments. Problem is, many had significant capital gains. I ended up just taking a margin loan for a blended rate of about 1%. I avoided capital gains, the margin interest is deductible, and my tech heavy portfolio has increased substantially in absolute terms and on a percentage return basis is crushing it.
I was comfortable with margin/leverage, for a few years I was very successful with a strategy of buying blue chip dividend stocks on margin and essentially running a credit spread trade- it's not for everyone.
But IB is outstanding compared to other brokers around things like this- it really excel for the "prosumer" niche.
You keep saying that a benefit of IBKR Pro is "no PFOF". That's true --- IBKR Pro is I think the only online retail brokerage that doesn't do that.
To my understanding, the only meaningful benefit to "no PFOF" is potentially better price improvement. Which is to say, if you place orders with Ameritrade, which is doing PFOF, you're going to get price improvement over NBBO, but with IBKR Pro, which doesn't, you might get even better price improvement.
In the IBKR Pro case, that's true: according to their advertised price improvement stats, you will get 1/3c of improved price improvement per share as a consequence of trading through them compared to the industry average. Your call whether a third of a penny is meaningful to you.
But in the general case, it might not necessarily be true that "no PFOF" is a benefit; it's all a question of the fees you pay and the price improvement you get with a given brokerage's routing, right?
Am I off here? My sort of baseline belief is that firms like Citadel and Virtu are in fact very good at executing retail orders, and that it'd be weird to have a goal of making sure your dumb retail orders were routed around them.
IBKR does some of its trading off-exchange like the PFOF types, but they do it in-house, not on a paid-for basis. If you see "SMART" in the routing of an order on IBKR pro, often that order went to one of their darkpools or was filled by them off-exchange (at a price better than the NBBO).
The price improvement per share also sometimes comes from exchange rebates that they pass through to customers.
Crispier fills. And you can choose which exchange you route your orders to so you can get rebates (maker/taker model). Getting paid to open/close options positions is genius.
Does Vanguard provide an api? I use them for my three fund portfolio but use td ameritrade for swing trading as I can automate my strategy. Would be nice to keep it all in vanguard.
(1) There are lots of different exchanges and trading venues, not just one.
(2) Electronic market makers have expertise in order execution and have invested huge amounts of money in software platforms to automate it, which they're effectively renting out to broker-dealers.
(3) Some of these firms have other sources of inventory they can clear trades against.
There are probably 10 other more important reasons I just don't know about.
What I think it comes down to is that order execution is a big job, and being able to effectively answer the phone and run the right billboards and TV ads is also a big job, and firms like Citadel and Virtu are good at the former and firms like Ameritrade are good at the latter.
>20/80 is worse than other retail brokerages (virtually all of which do PFOF, because none of them are especially competent at actually executing trades) --- even if you factor in the lack of trading fees,
(1) I don't think you can make a blanket statement about the split and trading fees. If I bought 1 stock for $100 this year I'm better off with the 20/80 split than a trade commission. Conversely, if I bought 10,000 shares @ $100 I would be better off paying a commission and getting a 80/20 split.
It's also not clear what's better for the consumer. If I'm paying a commission then I have to trade sub-optimally in order to batch trades. Maybe I'm better off being able to make a trade for free when I need it even if it costs me more in fees.
(2) This seems like an odd standard. I can take 20% as a rebate because everyone else does, but I can't take 80% because no one else does that. So maybe I can take 25% or maybe 30% or maybe 35% and that's ok. Where exactly is the line?
And if someone launches a competitor called Jesse James and they take 80% does that mean Robinhood is now ok? Or is two not enough? And if two is not enough then how many does it take?
I'm literally quoting the SEC here. 80/20 wasn't an example I came up with for funsies. They did the math; the outcomes were worse for RH customers. Which seems like it would have been OK, except that RH said the opposite thing in its promotional material.
More like broker 1 offered it to me for 95 and to pay Robinhood 1. Broker 2 offered it to me for 97 and to pay Robinhood 2. Robinhood took the offer from broker 2. No collusion necessary but they weren’t acting in the best interests of their customers according to stated offers.
I always thought that Robinhood's customers were not folks with the Robinhood app, but rather the association of their traffic with clearing houses like Citadel?
More like you want to buy something that would cost 100, and RH got paid 5 to send your order to a trading company, and that trading company executed at 101.
No. If you had a limit buy, Robinhood would never exceed your limit. Period. That would be highly illegal.
This is more like you want to buy something at 100. Robinhood then goes to the market and looks at all the vendors. The vendors are selling at various prices. Robinhood has a relationship with one of the vendors so they went there and that vendor was willing to sell at 98. However, a vendor down the street (that Robinhood doesn't like) would have been willing to sell at 97.
None of that is illegal. What the SEC is arguing here is that Robinhood didn't tell the customers this when they advertised "commision-free" trades. In Robinhood's eyes, they didn't charge a commission, so this was accurate. But in the SEC eyes, the customer was paying a "hidden" commission because they would get a slightly worse price than if they went with a different broker.
Imagine you are Fidelity... All of a sudden, you have Robinhood advertising "commission-free" and you just lost a good chunk of business from retail traders. You then complain to the SEC because the advertising here is not entirely accurate - the customers might have even gotten a better price with Fidelity - even if you add in the commission.
FTA:
> The order finds that Robinhood provided inferior trade prices that in aggregate deprived customers of $34.1 million even after taking into account the savings from not paying a commission.
Robinhood goes down to vendor street and into the shop of its preferred vendor, who is also the preferred vendor of most other brokerages. The vendor says "The street price on this item is $100, but we can get them for $95. We can get it to your customer for $97 and give you $1, or $98 and give you $2". Robinhood takes the $2, other brokerages don't, and Robinhood (crucially) lies about it, at which point the SEC gets mad.
I always wondered how these companies made money. My first suspicion was, that they "fed" stupid retail clients thay had no place in trading to the big fishes.
I learned so much in this thread, making it one of my favorites. And showing again why HN is the great thing it is.
Also, even I wasn't really right, RH and others sure found a way to price and sell an existing service better than incumbents. And in good disruptive tradition seem to have ignored certain regulations.
The "certain regulation" here is simply that you can't advertise to your customers that you're getting them the best possible deal when you have deliberately chosen not to give them the best deal. As the SEC points out: their pricing isn't better than traditional brokerages. This isn't like Uber, where the lie is that the low prices are subsidized by investors and will be jacked up later on down the road; here, the lie is taken directly out of the hide of RH customers.
That's true only if the service Robinhood is providing is giving customers good deals. It seems quite plausible that instead it is actually providing entertainment in the form of "free" trading. If this is the case, the lack of explicit commission is a key feature.
My post has no bearing on a limit. If you see 103 on your ui and tell RH to limit to 103 then RH is still obligated to do the best it can. If the best execution you could reasonably get is 100 and you execute below your limit but above 100, that’s illegal.
The limit in a limit order is really an orthogonal concept.
This is one way they make money. Robinhood is free because it makes interest on the money you ACH transfer in that sits while you make your decision on what to buy. They have a big bank account holding all of the user's funds and get interest on it. Of course they cannot make interest on the money traded for a stock though.
Does it mean that its always better to do limit orders as apposed to market order in RH? I'm guessing, its a lot more easy for RH to give you sub-optimal prices for market orders.
Assuming they don't change their practices, it's always better to use a different broker. Robinhood was the first to eliminate comissions, but now most brokerages have also eliminated comissions, so say thanks to Robinhood and then use an established broker.
I would expect market and limit orders to have been handled similarly. Market makers would like to trade with retail investors, and they're willing to pay X for that; if Robinhood takes 80% of X, and passes on 20% to clients as price improvement, and other brokerages pass on 80%, your limit orders may execute sooner at other brokerages (as your limit is effectively 0.6X higher/lower), or may end up executing with bigger price improvement.
That’s only for the final model. To find it, they’d need to run 1,000 experiments, trying many high-level approaches, many architectures for each component, hyperparameter search, and multiple seeds. Large machine learning projects need $10M in capital.
If you experience a reproducible Firefox performance problem, please consider using the Firefox profiler add-on [1] to record a profile and file a bug with "[qf]" to the whiteboard field. These "[qf]" Firefox performance bugs get reviewed by engineers twice a week. Having a profile makes the bugs much easier to diagnose.
I think that Chrome also suffers on this front? But it's better at doing pre-fetching than Firefox is
This could really just be that part. I have a hard time imagining explicit sabotage of FF on the gmail frontend. The likeliest explanation is that perf testing and the like only happens in Chrome
People are perfectly capable of distinguishing between browsers and websites. For example, users have no problem logging into Facebook with Chrome.
Auto-signin only adds confusion. Many (most?) users have no reason to associate their browser with a Google account. This is something that Google is pushing unilaterally, just like Google+/YouTube integration. As an advertising company, they stand to benefit from more accurate user tracking.
Capable? Sure. But probably not interested in the difference.
Again, the Chrome account is your Google account so you're not associating anything, you're just logging in. It's different than any other example where the website has a different account. Signing in to Chrome and then into Gmail is not what most users would expect because for them the browser really is just another Google service.
There seems to a big (and sometimes willing) misunderstanding from HN/tech users about the mainstream population who just want things to work.
Consider the case of two users, Alice and Bob. Alice has sync enabled, Bob does not.
Bob wants to check his email on Alice's computer, so he logs Alice off and logs into to his account. This syncs across all website he visits (due to shared auth cookies), but doesn't sync to the browser itself. Chrome is still logged into Alice's account, so Bob's browsing history is synced, but to Alice's history. This can have any number of unwanted consequences, from privacy consequences to Bob depending on whether or not you think Alice or Google are bad/compromised, to weirdnesses for Alice when she tries to check her history again.
Post this change, Bob logging in to Gmail on Alice's computer will log out of Alice on Chrome, and log in to Bob, meaning that Bob's history is no longer synced. So for Bob, this is a privacy increase (since now Google and Alice have less access to his browsing history) in that situation, and a usability improvement for Alice.
You could maybe get a similar effect by having account consistency be a thing that always logs the current user out and only also logs you in if you opt in, but that can also I think lead to weird situations for everyday users.
In other words, the point of signing in is to make sure no one else can accidentally (or intentionally) siphon away your browsing history.
Bob wants to check his email on Alice's computer, so he logs Alice off and logs into to his account. This syncs across all website he visits...make sure no one else can accidentally (or intentionally) siphon away your browsing history.
Don't do that then.
There's a simple solution to this conundrum, but it involves google not hoovering up the browsing history of half the world by default. Unsurprisingly, the google team has decided not to implement that solution and instead has tied logins on a web page to logins in a browser ever more tightly, and this move is just another step on that road, until you can tell yourself that 99% of the world logs in to the browser, because it's just easier, so we'll make it opt out instead, and then by a series of small incremental steps, each of which seems reasonable, you're forcing users to log into google and send them your data to get any browsing done at all.
Logging in to the browser is the problem here, not the solution. You should log in to websites, not the browser, that separation is a good one and is there for very good reasons.
That is an extremely narrow example that ignores many other scenarios, some of them privacy related and some of them functionality related.
But I'll bite. In the scenario you just described, can't Alice still just look at her local history and get all of the same information? I just tested -- local history is accessible across accounts in Chrome 69.
So this change doesn't actually protect people who are sharing computers -- a private browsing session is what protects them. And this change doesn't make private browsing any easier.
Also in this scenario, if Bob isn't checking his email or something, he's very unlikely to go log Alice out of her account. So the extremely minor privacy boost that doesn't actually exist because all of Bob's history is still stored locally will still only happen if both Alice and Bob use Gmail.
Which makes it sound like this entire feature was the brainchild of some executive who genuinely can't comprehend someone borrowing a computer and not immediately signing into Gmail. A much better solution to the problem you're describing above would be to draw more attention to private browsing sessions in the UX, or to just have some kind of notification when the user signs out of Gmail.
Heck, you could have the same exact feature, except drop the auto-login part and only have the auto-logout. That would still be a useless feature because of the reasons above, but it would get rid of the vast majority of the privacy concerns the tech community is currently raising.
Auto-login is not necessary to fix the problem you're talking about.
How about popping up a message saying, "you're logging in to someone else's computer, would you like to do this in an incognito window?" Or something like, "you're signing in to a different Google account, would you like us to remember this account and preserve/sync history to account X, which is currently signed into Chrome".
Doesn't work. Between the cookie pop-ups, update notifications, and "you've got mail"s, people have learned to ignore pop-up notifications.
... of course, the real problem here started with "Bob checked his email on Alice's computer." There are so many ways it can go wrong, like Alice using a browser other than Chrome, Bob using an email service other than GMail, or Alice deliberately installing a keylogger on that computer...
You mean like the popup of Google asking if I'd like to sync, or if I want it set as the default browser? It seems to be ok when it's in Google's favour.
If Bob logs into Alice's computer and forgets to log out all she has to do is hit the "sync" button and she can now view everything that's his synced with his account. Previously she would have at most his email, now she has that and more.
I don't want to get too far into specifics because I'm not an expert, but I'm pretty sure there are a number of inaccuracies in this comment.
Notably, synced data would have been visible in myaccount.google.com already, and if he had syncing disabled, I don't think there wouldn't be any data synced with his account to view.
In other words, assuming Alice was nefarious, yes this is still terrible, but I don't think it's just still terrible, not worse terrible.
Edit: I'm rate limited, but to clarify, yes syncing is an account wide setting, hence you need to be authenticated to a specific account to change it. The entire point of syncing is to sync data between browsers on different devices.
> Notably, synced data would have been visible in myaccount.google.com already, and if he had syncing disabled, I don't think there wouldn't be any data synced with his account to view.
That makes no sense at all unless syncing is an account wide setting instead of a browser setting, and it's pretty clear that this is a browser setting. Bob could have syncing enabled on his primary computer, log into gmail on Alice's computer where it then logs him in to her browser but without syncing enabled, and then Alice can later on come in and enable syncing by hitting the blue button.
Frankly it sounds like what Google should have done is created a better security system rather than a better notification system. This solves nothing, creates more problems, and pisses people off at the same time.
It makes perfect sense. If Bob has syncing enabled on his primary computer, Alice could enable syncing to copy the previously synced data to her browser. But she could also view the same data on myaccount.google.com.
It's a potential privacy violation for Alice and Bob!
How about this scenario:
Alice has Chrome synced to her Google account on her PC.
Bob uses Chrome on his PC but has no Google account and does not log in to Google services. He does uses bookmarks though.
Alice visits Bob and borrows his PC to check her gmail, which logs her in to Bobs Chrome. Then either Alice at that time or Bob at a later date accidentally triggers sync in Bobs Chrome.
TWO bad things happen at this point.
1) all Alice's synced data is downloaded onto Bob's PC. Including her bookmarks and passwords
2) all Bob's bookmarks are synced with Alice's account and Chrome on her PC will download them next time it's online.
Thanks for the explanation. It seems to assume that Gmail is the internet. If people sometimes use Facebook or forums or games instead of Gmail, then history will appear to sync to random places, no?
Bob's browsing history is synced, but to Alice's history
I agree with you that this would upset Alice when she wants to check her personal browsing history. But isn't that the innate consequence of sharing your own computer with other persons? It is the same as Alice lending her MacBook to Bob without logging out herself first. Can't Alice simply log out her Chrome before giving to Bob?
Bob logging in to Gmail on Alice's computer will log out of Alice on Chrome, and log in to Bob
Why should Gmail (or any Google service) be so special? If Bob log in to his Outlook account, shouldn't the same treatment happen (which clearly indicate a persona switch)? It is clear that Google is using its monopoly power between Google services and Chrome to reinforce the bond between "average users" and itself. Imagine if Chrome dwindles at ~10% market share instead. Do you ever think the Chrome team would have done this feature?
But the tech-savvy community has influence. We set up computers for our friends and families. We write IT policies. We are web developers, tech reporters, and more.
At least for me, Google's behavior means that I can no longer recommend Chrome.
I can't imagine the impact is significant even if we consider two degrees of acquaintances (you tell someone to not use Chrome and they tell someone else).
Fortunately it's not. On average people are only about 6 degrees apart, so in reality a relatively small number of people can get a surprisingly large amount of coverage in a frighteningly short amount of time, should they choose to apply themselves.
The world is very small, and privacy is a mainstream concern these days. The impact of one story or one action is limited, but in the end, users do get their say. Otherwise, we would still be using Internet Explorer.
"Listening in" is inaccurate. "Ok Google" was opt-in only, and did not record users without consent. Chromium downloaded but didn't run the binary blob.
I've removed all sorts of dumb stuff slowing down the build that was included by accident or unnecessarily on my project at work. Never attribute to malice ...
> A mistaken include in a build file, most likely.
Yea, "whoops we accidentally downloaded a surveillance device on your system!"... If that sort of negligence can happen, what else is the browser currently doing, or capable of doing in the future, "accidentally"?
Not to make light of the point you're making, but by far and large customers actively want this.
There's a large market opportunity right now for voice controlled systems. Controlling those systems with your voice means they have to be able to listen to you. Full stop.
While I think it's going to take a long time before we truly understand the repercussions of those systems (and I want to be clear, I say that not as an omen of fear and doom, but as a literal statement: We don't understand exactly what level of monitoring we're ok with or is appropriate as a society) I think complaining that google is acting in a solely nefarious way by attempting to incorporate voice control into the browser is disingenuous.
Windows (the literal glass ones) also allow people to see into your home. They let any random stranger on the street walk right up and view the things you own, as well as yourself and your family. But by far and large we've decided we like windows enough that the privacy loss is worth it.
This principle is heuristical and as such can result in down-side when one doesn't actually resolve the uncertainty within the heuristic (read: guess) with detailed evidence.
The obvious downside here is that you can accumulate a bunch of risks which each independently satisfy the heuristic, and so don't seem like risks, but in aggregate can result in a swing towards the opposite of what it says.
Meaning, yeah, sure, stupid thing added to the codebase. But with the accumulation of all the poor decisions Google has made surrounding privacy, is Google really that fucking idiotic, or, what?
Yes, it's maybe intentional, and just using the rule "Never attribute to malice that which cane be attributed" as an indication that there isn't any malice is stupid because it's getting you to change your mind about the kind of thing going on without evidence.
It's like saying Occam's Razor always gives you the right analysis of how things are. No, it only gives you the best guess given that you've taken everything possible into account. But here it's worse, because it's not taking into account all of the other times Google has infringed a common-sense understanding of privacy.
Whether or not it's more likely that Google is intentionally crossing this line, rather than it's just merely possible that they're intentionally doing it, depends on other information. In this case because it's unlikely that Google is really that's stupid, because they're good engineers with strong QC practices, so it's more like that there is some kind of intention involved. Not to be "evil" but to deliberately do things that deny the social value of avoiding surveillance.
https://news.ycombinator.com/item?id=38555629