Over two days during the summer of 2009, experts from inside and outside Google met to forge a roadmap for how the company would approach user privacy. At the time, Google was under fire for its data collection practices and user tracking. The summit was designed to codify ways that users could feel more in control.

Engineer Amanda Walker, then in her third year at Google and now the company’s software engineering manager of privacy infrastructure, jotted down notes on a paper worksheet during one of the summit’s sessions. “HMW: Mitigate Impact of bad Gov’t + 3rd party requests,” she wrote, using shorthand for “how might we.” A few suggestions followed: “Discourage abusive requests. Make privacy measurable/surface rising threats. Industry wide.” It was the seed of what would eventually become Google’s suite of transparency reports that, among other things, disclose government requests for data.

It also was just one of several features the group brainstormed that summer that became a reality. An idea called “persona management” became Chrome and Android profiles. “Universal preferences” became My Account and My Activity. And “private search” turned into controls to be able to see, pause, and delete search queries and other activity.

Longtime Google employees remember the 2009 privacy summit as a turning point. “A lot of these were a lot more work than we anticipated at the time, but it’s reassuring to me that I think we got the big things right,” Walker says.

And yet, nearly a decade later, privacy controversies continue to plague Google. Just in recent months, the Associated Press revealed that Google continued to store user location data on Android and iOS even when they paused collection in a privacy setting called Location History. At the end of September, Chrome had to walk back a change to user logins meant to improve privacy on shared devices after the revision prompted a different set of concerns. Google then shuttered Google+ in October, after The Wall Street Journal reported on a previously undisclosed data exposure that left personal information from more than 500,000 of the social network’s users out in the open. And Google is once again building censored services for China.

In this seemingly unshakeable cycle of improvements and gaffes, it's nearly impossible to make a full accounting of Google's user privacy impacts and protections. But it's critical to understand how the people on the front lines of that fight think about their jobs, and how it fits in with the fundamental truth of how Google makes money.

Google’s privacy apparatus—which spans the globe and includes dedicated stand-alone teams, groups within other teams, and an extensive leadership structure—comprises thousands of employees and billions of dollars in cumulative investment. More than a dozen Google employees who work on privacy at all levels talked with WIRED in recent weeks about the massive scale and scope of these efforts. Every employee—from research scientists to engineers, program managers, and executives—described a single shared goal: to respect Google users and help them understand and control their data as they generate it in real time on Google’s services.

But Google is not a consumer software company, or even a search company. It’s an ad company. It collects exhaustive data about its users in the service of brokering ad sales around the web. To do so, Google requires an extensive understanding of the backgrounds, browsing habits, preferences, purchases, and lives of as many web users as possible, gleaned through massive data aggregation and analysis. In third-quarter earnings announced last week, Google’s parent company, Alphabet, reported $33.7 billion in revenue. About 86 percent of that came from Google’s ad business.