Google Admits It Has Chinese Censorship Search Plans – What This Means

Views: 234

This post is also available in Google Docs format .

After a painfully long delay, Google admitted at an internal company-wide meeting yesterday that it indeed has a project for Chinese government-controlled censored search in China, but asserts that it is nowhere near ready for deployment and is subject to a range of possible changes before deployment (I’ll add, assuming that it ever actually launches).

Some background:

“Google Must End Its Silence About Censored Search in China” – https://lauren.vortex.com/2018/08/09/google-must-end-its-silence-about-censored-search-in-china

“Google Haters Rejoice at Google’s Reported New Courtship of China” –  https://lauren.vortex.com/2018/08/03/google-haters-rejoice-at-googles-reported-new-courtship-of-china

“Censored Google Search for China Would Be Both Evil and Dangerous!” – https://lauren.vortex.com/2018/08/01/censored-google-search-for-china-would-be-both-evil-and-dangerous

While this was an internal meeting, it apparently leaked publicly in real time, and was reportedly terminated earlier than planned when it was realized that it was being live-tweeted to the public by somebody watching the event.

The substance of the discussion is unlikely to appease Googlers upset by these plans. For all practical purposes, management appears to be justifying the new project using much the same terms (e.g., some Google is better than no Google”) used to try justify the ill-fated 2006 entry of Google into censored Chinese search, which Google abandoned in 2010 after continuing escalation of demands by the Chinese government, and Chinese government hacking of Google systems.

Given the rapid recent escalation of Internet censorship and associated human rights abuses by China’s “President for Life” Xi, there’s little reason to expect the results to be any different this time around — in fact they’re likely to go bad even more quickly, making Google by definition complicit in the human rights abuses that flow from the Chinese government’s censorship regime.

The secrecy surrounding this project — few Googlers even knew of its existence until leaks began circulating publicly — was explained by Google execs as “typical” of various Google projects while in their early, very sensitive stages.

This alone suggests a serious blind spot in Google management’s analysis. Such logic might hold true for a “run-of-the-mill” new service. But keeping a project such as Chinese censored search under such wraps within the company — a project with vast ethical ramifications — is positively poisonous to internal company trust and moral when the project eventually leaks out — as we’ve seen so dramatically demonstrated in this case.

That’s why the (now public) Googler petition — reportedly signed by well over a 1000 Googlers and increasing — is so relevant and important. It wisely calls for the establishment of formal frameworks inside Google to deal with these kinds of ethical issues, giving rank and file employees a “seat at the table” for such discussions. 

It also notably calls for the creation of internal “ombudspersons” roles to be directly engaged in these corporate ethical considerations — something that I’ve been publicly and privately advocating to Google over at least the last 10 years.

Irrespective of whether or not Google relaunches Chinese-government controlled censored search, the kinds of efforts proposed in the Googler petition would be excellent steps toward the important goal of improving Google’s ethical framework for dealing with both controversial and more routine projects going forward.

Leaks threaten the culture of internal openness that has been an important hallmark at Google since its creation 20 years ago (with this new Chinese government-censored search project being an obvious and ironic exception to Google’s open internal culture).

This internal openness is crucial not only for Google, but also for its users and the community at large as well. Vibrant open discussion internally at Google (which I’ve witnessed and participated in myself when I consulted to them a number of years ago) is what helps to make Google’s products and services better, and helps Google to avoid potentially serious mistakes.

But for any organization, when policy-related leaks occur of the sort that we’ve witnessed recently regarding Google and China, it strongly suggests that the organization does not have well functioning or adequate internal staff-accessible processes in place to appropriately deal with these higher pressure matters. Again, the kinds of proposals in the Googler petition would go a long way toward alleviating this situation.

These recent developments have brought Google to a kind of crossroads, a “moment of truth” as it were. What is Google going to be in its next 20 years? What kinds of roles will ethics play in Google’s decisions going forward? These are complex questions without simple answers. Google has a lot of serious work ahead in answering them to their own and the public’s personal and political satisfactions. 

But Google is great at dealing with hard problems, and I believe that they’ll work their way to appropriate answers in these cases as well.

We shall see what transpires in the fullness of time.

–Lauren–

Beware the Fraudulent Blog Comments Scams!

Views: 294

A quick heads-up! While I’ve routinely seen these from time to time, there seems to be a major uptick in what are apparently fraudulent comment scam attempts here on my blog. They never get published since I must approve all comments before any appear, but their form is interesting and there likely is at least some human element involved, since they’re able to pass the reCAPTCHA “Are you a human?” test.

Here’s how the scams operate. It’s typical for blogs that support comments (whether moderated or not) to often permit the sender to include their name, email address, and a contact URL with their comment submission. My blog only will display their specified name, and of course only if I approve the comment.

But many blogs include all of that information in the posted comments, and many blogs don’t moderate comments, or only do so after the fact if there are complaints about individual published comments.

The scam comments themselves tend to fall into one of two categories. They may be utterly generic, e.g.: “Thanks for this great and useful post!”

Or they may be much more sophisticated, and actually refer in a more or less meaningful way — sometimes in surprising detail — to the actual topic of the original post.

The email addresses provided with the comments could be pretty much anything. What matters is the URLs that the comment authors provide and that they hope you will publish: The scammers always provide URLs pointing at various fake “technical support” addresses.

These cover the gamut: Google, Yahoo!, Microsoft, Outlook — and many more.

And you never want to click on those links, which almost inevitably lead to the kind of fake technical support sites that routinely scam unsuspecting users out of vast sums around the world every day.

It’s possible that these scam comment attempts are made in bulk by humans somewhere being paid a couple of cents per effort. Or perhaps they’re partly human (to solve the reCAPTCHA), and partly machine-generated.

In any case, if you run a blog, or some other public-facing site where comments might be submitted, watch out for these. Don’t let them appear on your sites! Your legitimate users will thank you.

–Lauren–

Fixing Google’s Gmail Spam Problems

Views: 898

The anti-spam methodology used by Google’s Gmail system — and most other large email processing systems — suffers a glaring flaw that unfortunately has become all too traditionally standard in email handling.

One of the most common concerns I receive from Google users is complaints that important email has gone “missing” in some mysterious manner.

The mystery is usually quickly solved — but a real solution is beyond my abilities to deploy widely on my own.

The problem is the ubiquitous “Spam” folder, a concept that has actually helped to massively increase the amount of spam flowing over the Internet.

Many users turn out to not even realize that they have a Spam folder. It’s there, but unnoticed by many.

But even users who know about the Spam folder tend to rarely bother checking it — many users have never looked inside, not even once. Google’s spam detection algorithm is so good that non-spam relatively rarely ends up in the Spam folder.

And therein lies the rub. Google’s algorithms are indeed good, but of course are not perfect. False positives — important email getting incorrectly relegated to the Spam folder — can be a really big deal — especially when important financial notifications are concerned, for example.

In theory, routine use of Gmail’s “filter” options could help to tame this problem and avoid some false positives being buried unseen. But the reality is that many of these important false positives are not from necessarily expected sources, and many users don’t know how to use the Gmail filter system — and in fact may be totally unaware of its existence. And frankly, the existing Gmail filtering user interface is not well suited to having large and growing numbers of filters of the sort needed to try deal with this situation (either from the standpoint of actual spam or false positives) — trust me on this, I’ve tried!

So could we just train users to routinely check the Spam folder for important stuff that might have gotten in there by accident? That’s a tough one, but even then there’s another problem.

Many Gmail users receive so much spam — much of it highly repetitive — that manually plowing through the Spam folder looking for false positives is necessarily time consuming and prone to the error of missing important items, no matter how careful you attempt to be. Ask me how I know!

This takes us to the intrinsic problem with the Spam folder concept. Gmail and most other major mail systems accept many of the spam emails from the creepy servers that vomit them across the Net by the billions. Then they’re relegated to users’ spam folders, where they help to bury the important non-spam emails that shouldn’t be in there in the first place.

Since Google accepts much of this spam, the senders are happy and keep sending spam to the same addresses, seemingly endlessly. So you keep seeing the same kinds of spam — ranging from annoying to disgusting — over and over and over again. The sender names may vary, the sending servers usually have obviously bogus identities, but (unlike some malware that Google rejects immediately) the spam keeps getting delivered anyway.

The solution is obvious, even though nontrivial to implement at Google Scale. It’s a technique used by many smaller mail systems — my own mail servers have been using variations of this technique for decades.

Specifically, users need to be able to designate that particular types of spam will never be delivered to them at all, not even to the Spam folder. Attempts at delivering those messages should be rejected at the SMTP server level — we can have a discussion later about the most appropriate reject response codes in these circumstances, there are various ways to handle this.

Specifying the kinds of spam messages to be given this “delivery death penalty” treatment is nontrivial, both from a user interface and implementation standpoint — but I suspect that Google’s AI resources could be of immense assistance in this context. Nor would I assert that a “real-time” reject mechanism like this would be without cost to Google — but it would certainly be immensely useful and user-positive.

The data from my own servers suggests that once you start rejecting spam email rather than accepting it, the overall level of spam attempts ultimately goes down rather than up. This is especially true if spam attempts are greeted with a “no such user” reject even when that user actually exists (yes, this is a controversial measure).

There are certainly a range of ways that we could approach this set of problems, but I’m convinced that the current technique of just accepting most spam and tossing it into a Spam folder is not helping to stop the scourge of spam, and in fact is making it far worse over time.

–Lauren–

Location Tracking: Google’s the One You DON’T Need to Worry About!

Views: 485

I must keep the post brief today but this needs to be said. There are a bunch of stories currently floating around in the news globally, making claims like “Google tracks your location even when you tell it not to!” and other alarming related headlines.

This is all false hype-o-rama.

Google has a variety of products that can make use of location data, both desktop and mobile, and of course there are various kinds of location data in these contexts — IP address location estimates, cell phone location data, etc. So it’s logical that these need to be handled in different ways, and that users have appropriate options for dealing with each of them in different Google services. Google explains in detail how they use this data, the tight protections they have over who can access this data — and they never sell this data to anyone. 

Google pretty much bends over backwards when it comes to describing how this stuff works and the comprehensive controls that users have over data collection and deletion (see: “The Google Page That Google Haters Don’t Want You to Know About” – https://lauren.vortex.com/2017/04/20/the-google-page-that-google-haters-dont-want-you-to-know-about).

Can one argue that Google could make this even simpler for users to deal with? Perhaps, but how to effectively make it all even simpler than it is now in any kind of practical way is not immediately obvious.

The bottom line is that Google gives users immense control over all of this. You don’t need to worry about Google.

What you should be worrying about is the entities out there who gather your location data without your consent or control, who usually never tell you what they’re doing with it. They hoard that data pretty much forever, and use it, sell it, and abuse it in ways that would make your head spin.

A partial list? Your cellular carrier. They know where your phone is whenever it’s on their network. They collect this data in great detail. Turning off your GPS doesn’t stop them — they use quite accurate cell tower triangulation techniques in that case. Most of these carriers (unlike Google, who has very tight controls) have traditionally provided this data to authorities with just a nod and a wink!

Or how about the license plate readers that police and other government agencies have been deploying like mad, all over the country! They know where you drive, when you travel — and they collect this data in most cases with no real controls over how it will be used, how long it will be held, and who else can get their hands on it! You want someone to be worried about, worry about them!

And the list goes on.

It’s great for headlines and clickbait to pound on Google regarding location data, but they’re on the side of the angels in this debate.

And that’s the truth.

–Lauren–

Google Must End Its Silence About Censored Search in China

Views: 566

UPDATE (August 17, 2018): Google Admits It Has Chinese Censorship Search Plans – What This Means

– – –

It has now been more than a week since public reports began surfacing alleging that Google has been working on a secret project — secret even from the vast majority of Googlers — to bring Chinese government-censored Google search and news back to China. (Background info at: “Google Haters Rejoice at Google’s Reported New Courtship of China” – https://lauren.vortex.com/2018/08/03/google-haters-rejoice-at-googles-reported-new-courtship-of-china).

While ever more purported details regarding this alleged effort have been leaking to the public, Google itself has apparently responded to the massive barrage of related inquiries only with the “non-denial denial” that they will not comment on speculation regarding their future plans.

This radio silence has seemingly extended to inside Google as well, where reportedly Google executives have yet to issue a company-wide explanation to the Google workforce, which includes many Googlers who are very concerned and upset about these reports.

With the understanding that it’s midsummer with many persons on vacation, it is still of great concern that Google has gone effectively mute regarding this extremely important and controversial topic. The silence suggests internal management confusion regarding how to deal with this situation. It’s upsetting to Google’s fans, and gives comfort to Google’s enemies.

Google needs to issue a definitive public statement addressing these concerns. Regardless of whether the project actually exists as reports have described — or if those detailed public reports have somehow been false or misleading — Google needs to come clean about what’s actually going on in this context.

Google’s users, employees, and the global community at large deserve no less.

Google, please do the right thing.

–Lauren–