996 just sounds like mismanagement to me. Yes it's hard work but Ali Baba is not a seed startup that they can't afford to hire more people and distribute the workload.
That's just a diplomatic way of saying "so what if we logged you in". Well you don't understand how distrustful people are of Google these days, especially power users. I wouldn't give a byte of information about me to Google if I don't have to.
To add, the "no sugar added" thing is wholly misleading because there are fruit concentrates that companies can add that are basically sugar substitutes. It's technically not "sugar added" but it's basically filled with healthy dollop of fructose (which is worse than sucrose but I'm too lazy to cite a reference).
Highly recommend Quad9. Their privacy policy is absolutely no identifying data logging, period. They're also the few providers offering DNS over TLS. Google, on the other hand, keeps identifying logs for 24-48 hours.
I feel like I'm missing something but wouldn't this whole brouhaha be avoided by making the website 100% HTTPS and redirecting any HTTP requests to HTTPS through the server itself? This is common practice with Nginx, for example.
Also, a group capable of 30 simultaneous infrastructure attacks anywhere in the world with the goal of disrupting civilization can easily find far better targets than chip fabs, and various intelligence agencies will have infiltrated such a large international group anyway. The notion is interesting but unrealistic.
IBM is likely the single largest government contractor in North America. Most governments at every level have contracted IBM for something, at some point. You don't hear about the successes because that's not news. That's just a government and contractor functioning as they should. Only large, expensive failures make the news.