To be honest none of this surprises me, all of it is typical, and mature democracies have privacy laws which obligate reporting of this kind of thing where it has actual impact. But rather than raise pitchforks at software engineers, instead raise them to critique those occasions where data is not held in an end-to-end encrypted manner “by default”.

The scope of information accessibility, by default, should only be to the creator and the explicitly and known intended recipients; fix that and a lot of these issues will simply go away.

https://www.404media.co/google-leak-reveals-thousands-of-privacy-incidents/