Network Solutions and Cloudflare Supporting Horrific Racist Site

Views: 327

Today a concerned reader brought to my attention a horrifically racist site — apparently operating for a decade and currently registered via Network Solutions (NSI) — with DNS and other services through Cloudflare — called “n*ggermania.com” (and “n*ggermania.net”) — I have purposely not linked to them here, and you know why I have the asterisks there.

To call the site — complete with a discussion forum — a massive pile of horrific, dangerous, racist garbage of the worst kind would be treating it far too gently.

We already know that Cloudflare reportedly has an ethical sense that makes diseased maggots and cockroaches seem warm and friendly by comparison — Cloudflare apparently touts a content acceptance policy that Dr. Josef Mengele would have likely considered too extreme in its acceptance of monstrously evil content.

But Network Solutions claims to have higher standards (though it wouldn’t take much effort to beat Cloudflare in this regard) and I’m attempting to contact NSI officials now to determine if such racist sites are within their official policy standards. 

Oh, and by the way, guess what happens whenever you call the official Network Solutions listed phone number that they designate for “reporting abuse” — you get a recording (that doesn’t take a message) that says “they’re having difficulties — try again at a later time.”

Why are we not at all surprised?

–Lauren–

Chrome Is Hiding URL Details — and It’s Confusing People Already!

Views: 689

Here we go again. I’m already getting upset queries from confused Chrome users about this one. 

In Google’s continuing efforts to “dumb down” the Internet, their Chrome browser (beta version, currently) is now hiding what it considers to be “irrelevant” parts of site address URLs.

This means for example that if you enter “vortex.com” and get redirected to “www.vortex.com” as is my policy (and a typical type of policy at a vast number of sites), Chrome will only display “vortex.com” as the current URL, confusing anyone and everyone who might have a need to quickly note the actual full address URL. Also removed are http: and https: prefixes, leaving even fewer indications when sites are secure — exactly the WRONG approach these days when users need more help in these respects, not less!

And of course, if you’re manually writing down a URL based on the shortened version, there’s no guarantee that it will actually work if entered directly back into Chrome without passing through possible site redirect sequences.

But wait! You said that you want additional confusion? By golly you’ve got it! If you click up in the address bar and copy the Chrome shortened URL, it will appear that you’re copying the short version, but you’re actually copying the invisible original version with the full site URL — including the full address and the http: or https: prefixes. If you double click up there, Chrome visibly replaces its mangled version with the full version.

I can just imagine how this “feature” pushed through Google — “Hell, our users don’t really need to see all that URL detail stuff, so we’ll just hide it all from them! They’ll never know the difference!”

But the truth is that from the standpoint of everyday users who glance quickly at addresses and greatly benefit from multiple signals to help them establish that they’ve reached the exact and correct sites in a secure manner, the new Chrome URL mangling feature is an abomination, and I’ll bet you dollars to donuts that crooked site operators will find some ways to leverage this change for their own benefits as well.

As I said, this is currently in Chrome Beta, which means it’s likely to “graduate” to Chrome Stable — the one that most people run — sometime fairly soon.

Google is a great company, but their ability to churn out unforced errors like this — that especially disadvantage busy, non-techie users — remains a particularly bizarre aspect of their culture.

–Lauren–

Third Parties Reading Your Gmail? Yeah, If You’ve Asked Them To!

Views: 4756

Looks like the “Wall Street Journal” — pretty reliably anti-Google most of the time — is at it again. My inbox is flooded with messages from Google users concerned about the WSJ’s new article (being widely quoted across the Net) “exposing” the fact that third parties may have access to your Gmail.

Ooooh, scary! The horror! Well, actually not!

This one’s basically a nothingburger.

The breathless reporting on this topic is the “revelation” that if you’ve signed up with third-party apps and given them permission to access your Gmail, they — well, you know — have access to your Gmail! 

C’mon boys and girls, this isn’t rocket science. If you hire a secretary to go through your mail and list the important stuff for ya’, they’re going to be reading your mail. The same goes for these third-party apps that provide various value-added Gmail services to notify you about this, that, or the other. They have to read your Gmail to do what you want them to do! If you don’t want them reading your email, don’t sign up for them and don’t give them permission to access your Google account and Gmail! 

Part of the feigned outrage in this saga is the concern that in some cases actual human beings at these third-party firms may have been reading your email rather than only machines. Well golly, if they didn’t explicitly say that humans wouldn’t read them — remember that secretary? — why would one make such an assumption?

In fact, while it’s typical for the vast majority of such third-party systems to be fully automated, it wouldn’t be considered unusual for humans to read some emails for training purposes and/or to deal with exception conditions that the algorithms couldn’t handle. 

Seriously, if you’re going to sign up for third-party services like these — even though Google does carefully vet them — you should familiarize yourself with their Terms of Service if you’re going to be concerned about these kinds of issues.

Personally, I don’t give any third parties access to my Gmail. This simplifies my Gmail life considerably. Google has excellent internal controls on user data, and I fully trust Google to handle my data with care. Q.E.D.

And by the way, if you’ve lost track of third-party systems to which you may have granted access to your Gmail or other aspects of your Google account, there’s a simple way to check (and revoke access as desired) at the Google link:

https://myaccount.google.com/permissions

But really, if you don’t want third parties reading your Gmail, just don’t sign up with those third parties in the first place!

Be seeing you.

–Lauren–

Why Google Needs a “User Advocate at Large”

Views: 330

For many years I’ve been promoting the concept of an “ombudsman” to help act as an interface between Google and its user community. I won’t even bother listing the multitude of my related links here, they’re easy enough to find by — yeah, that’s right — Googling for them.

The idea has been to find a way for users — Google’s customers who are increasingly dependent on the firm’s services for an array of purposes (irrespective of whether or not they are “paying” users) — to have a genuine “seat at the table” when it comes to Google-related issues that affect them.

My ombudsmen concepts have consistently hit a figurative brick wall at the Googleplex. A concave outline of my skull top is probably nearly visible on the side of Building 43 by now.

Who speaks for Google’s ordinary users? That’s the perennial question as we approach Google’s 20th birthday, almost exactly two months from now.

Google’s communications division speaks mainly to the press. Google developer and design advocates help to make sure that relevant developer-related parties are heard by Google’s engineering teams. 

But beyond these specific scopes, there really aren’t user advocates per se at Google. In fact, a relevant Google search yields entries for Google design and developer advocates, and for user advocates at other firms. But there’s no obvious evidence of dedicated user advocate roles at Google itself.

Words matter. Precision of word choices matters. And in thinking about this recently, I’ve realized that my traditional use of the term “ombudsman” to address these concerns has been less than optimal.

Part of the reason for this is that the concept of “ombudsman” (which can be a male or female role, of course) carries with it a great deal of baggage. I realized this all along and attempted to explain that such roles were subject to definition within any given firm or other organization. 

But ombudsman is a rather formal term and is frequently associated with a person or persons who mainly deal with escalated consumer complaints, and so the term tends to carry an adversarial implication of sorts. The word really does not encompass the broader meanings of advocacy — and other associated communications between firms and users — that I’ve been thinking about over the years — but that I’ve not been adequately describing. I plead guilty.

“User advocacy” seems like a much more accurate term to approach the concepts that I’ve been so long discussing about Google and its everyday users.

Advocacy, not contentiousness. Participation, not confrontation. 

While it would certainly be possible to have user advocates focused on specific Google products and services, the multidisciplinary nature of Google suggests that an “at large” user advocate, or a group of such advocates working to foster user communications across a wide range of Google’s teams, might be more advantageous all around.

Google and Googlers create excellent services and products. But communications with users continues to be Google’s own Achilles’ heel, with many Google-related controversies based much more on misunderstandings than on anything else.

A genuine devotion to user advocacy, fostered by Googlers dedicated to this important task, could be great for Google’s users and for Google itself.

–Lauren–

Google’s New Security Warning Is Terrifying Many Users

Views: 2014

I’ve been getting email from people all over the world who are suddenly scared of accessing particular websites that they’ve routinely used. It was quickly obvious what is going on — the first clue was that they were all users running Chrome Beta. 

The problem: Google’s new “Not Secure” warning on sites not using https security is terrifying many people. Users are incorrectly (but understandably) interpreting “Not Secure” to mean “Dangerous and Hacked! Close this page now!”

And this is squarely Google’s fault.

Years ago, I predicted this outcome. 

Though I’ve long promoted the migration to secure Web connections via https, I’ve also repeatedly warned that there are vast numbers of widely referenced sites that provide enormous amounts of important information to users, often from archives and systems that have been running for many, many years — sometimes since before the beginnings of Google 20 years ago.

The vast majority of these sites don’t require login. They don’t request information from users. They are utterly read-only.

While non-encrypted connections to them are theoretically subject to man-in-the-middle attacks, the real world likelihood of their being subjected to such attacks is extraordinarily low.

Another common factor with many of these sites is that they are operating on a shoestring, often on donated resources, without the expertise, money, or time to convert to https. Many of these systems are running very old code, conversion of which to support https would be a major effort — even if someone were available to do the work.

Despite ongoing efforts by “Let’s Encrypt” and others to provide tools to help automate the transition to https, the reality is that it’s still usually a massive amount of work requiring serious expertise, for all but the smallest and simplest of sites — and even that’s for sites running relatively current code.

Let’s be utterly clear about this. “Not Secure” does not mean that a site is actually hacked or dangerous in any way, nor that its data has been tampered with in transit. 

But to many users — not all of whom are well versed on the fine points of Internet security, eh? — that kind of warning displayed in that manner is a guarantee of more unnecessary confusion and angst among large categories of users, many of whom are already feeling disadvantaged by other aspects of the Web, such as Google’s continuing accessibility failures in terms of readability and other user interface aspects, disproportionately affecting these growing classes of users.

With Google about to promote their “Not Secure” warning from Google Beta to the standard Google Stable that most people run, these problems are about to grow by orders of magnitude.

Through their specific interface design decisions in this regard, Google is imposing an uncompensated cost on many sites with extremely limited resources, a cost that could effectively kill them.

Might doesn’t always make right, and Google needs to rethink the details of this particular approach.

–Lauren–