By Killing Encryption, Our Leaders Are Delivering Us to the Terrorists

The phrase “Like a lamb to slaughter” originates from biblical times. And it when comes to the rising chorus of politicians demanding an end to public availability of strong, end-to-end encryption, it’s we law-abiding citizens who are the lambs about to have our throats cut — by our own leaders.

Every time there’s a terrorist attack, politicians around the world (including here in the USA) are back in front of the cameras demanding government access to our private encrypted communications.

Make no mistake about it, these leaders might as well be on the payroll of the terrorists and other criminal organizations, because such demands if implemented would sell us all down the river, and make our lives vastly more dangerous.

We are far, far more at risk from these politicians wrecking our communications security than we are from terrorists and other criminals themselves in the absence of such weakened technology.

Our lives are increasingly utterly dependent on the security of computer-based communications systems, and this is true even for persons who’ve never touched a computer keyboard or a smartphone.

Our financial and so many other aspects of our personal lives are intertwined with the security and sanctity of strong encryption, and for persons living under the thumb of repressive regimes, their mortal lives themselves hang in the balance when communications security becomes compromised.

Let’s be utterly clear about this. When you’re told that it’s possible to give governments access to our secure communications without fatally weakening the underlying encryption systems, you are being told a lie, plain and simple.

The very act of building a “backdoor” into these systems fundamentally weakens them, putting honest citizens at enormous risk not only for government abuses and mistakes, but also for attacks by black-hat hackers, terrorists, and other criminals of all sorts who will find ways to exploit these government-mandated flaws.

Meanwhile, terrorists and other criminals won’t sit back and use these horrifically compromised communications systems. They’ll move to existing and under development strong end-to-end encryption systems without backdoors — independent apps that are impossible for governments to effectively control.

Government demands for backdoor access to encryption are a disaster for everyone but the evil forces that these politicians claim will be destroyed.

If one assumes for the sake of the argument that our leaders aren’t actually in league with such heinous entities, one is also forced to assume that either these politicians are getting terrible technical advice — or most likely of all — are simply ignoring the known facts in furtherance of pandering and sowing fear for political gains, regardless of the negative consequences on all of us.

Of course, even though governments might try to ban such use, in practice it would likely prove extremely difficult to stop honest, law-abiding citizens from using independent, non-backdoored strong crypto apps themselves — just like evil is sure to do.

Governments don’t like to contemplate honest persons taking such independent steps to control their own destinies. Politicians by and large prefer to think of us like those sheep.

Whether or not our leaders are accurate in such a characterization, is ultimately our decision, not theirs.


YouTube’s Excellent New Moves Against Hate Speech — But There’s More Work for Google to Do

In my March blog posts — “How YouTube’s User Interface Helps Perpetuate Hate Speech” (, and  “What Google Needs to Do About YouTube Hate Speech” (, I was quite critical of how Google is handling certain aspects of their own Terms of Service enforcement on YouTube.

In “Four steps we’re taking today to fight online terror” (, Google’s General Counsel Kent Walker (a straight-arrow guy whom it’s been my pleasure to meet) announced YouTube changes aimed at dealing more effectively with extremist videos and hate speech more broadly.

Key aspects of these changes appear to be in line with my public suggestions — in particular, faster takedowns for extremist content, and disqualification of hate speech videos from monetization and “suggested video” systems, are excellent steps forward.

I would prefer that hate speech videos not only be demonetized and “hidden” from suggestions — but that they’d be removed from the YouTube platform entirely. I am not at this point fully convinced that sweeping that kind of rot “under the carpet” — where it can continue to fester — is a practical long-term solution. However, we shall see. I will be watching with interest to determine how these policies play out in practice.

As I’ve noted in earlier posts, I also feel strongly that Google needs to make it more “in your face” obvious to YouTube users that they can report offending videos. I had previously mentioned that the YouTube “Report” link — that years ago was on the top-level YouTube user interface — seemed to have returned to that position (at least for YouTube Red subscribers) after a long period being buried under the top level “More” link. At the time, I speculated that this might only be an ephemeral user-facing experiment, and in fact for me at least the “Report” link is again hiding under the “More” link.

I’ve discussed this problem before. Users who might otherwise report an offending video are much less likely to do so if a “Report” link isn’t obvious. I acknowledge that one possible reason for “hiding” the “Report” link is concerns about false positives. Indeed, in Kent’s post today, he mentions the high accuracy of YouTube “Trusted Flaggers” — which suggests that my speculation in this regard (about reports from users overall) was likely correct. In any case, I still feel that a top-level user interface “Report” link is a very important element for consideration.

While I do feel that there’s more that Google needs to do in various of these regards concerning extremist and hate speech, I am indeed cognizant of their understandable desire to move in carefully calibrated steps given the impact of any changes at Google scale. And yeah, I’m indeed pleased to see Google moving these issues in the overall direction that I’ve been publicly urging.

My kudos to the associated Google/YouTube teams — and we’ll all be watching to see how these changes play out in the fullness of time.

Be seeing you.


Why I May Remove All Google+ Buttons from My Blog Posts

Google says they will no longer show the +1 count on external G+ buttons — like I have on all of my blog postings. Without the +1 count, these buttons are largely useless, and I will probably remove all G+ buttons from my posts to recover that space, and urge other sites to do the same. I’m sorry, Google, this one is extremely boneheaded.

I’ll bet I know why they’re doing it — Google is probably embarrassed by the relatively low counts vis-a-vis Facebook. But I support G+ and not Facebook because I consider G+ to be a superior platform, and this decision by Google is just inane.


Brief Thoughts on a Google Ombudsman and User Trust

This post in PDF format:

– – –

Despite significant strides toward improved public communications over the years, Google is still widely viewed — both by users and by the global community at large — as an unusually opaque organization.

Google does provide a relatively high level of communications — including customer support — for users of their paid services. And of course, there’s nothing inherently unreasonable with Google providing different support levels to paying customers as compared to users of their many free services.

But without a doubt, far and away, Google-related issues that users bring to me most frequently still relate to those users’ perceived inabilities to effectively communicate with Google when they have problems with Google services (usually free but frequently paid), and these are services that vast numbers of persons around the world now depend upon for an array of crucial aspects in their businesses and personal lives. These problems can range from minor to quite serious, sometimes with significant ongoing impacts.

Similarly and related, user and community confusion over both the broad and detailed aspects of various Google policies remains widespread, in some cases not significantly improved over many years.

The false assumption that Google sells user data to third parties remains rampant, fueled both by basic misunderstandings of Google’s ad technologies, and by Google competitors and haters — who leverage Google’s seemingly institutional public communications reluctance — filling the resulting vacuum with misinformation and false propaganda. Another of many examples is the continuing unwillingness of many users to provide account recovery and/or two-factor verification phone numbers to Google, based on the unfounded fear of those numbers being sold or used for other purposes. Confusion and concerns related to YouTube policies are extremely widespread. And the list goes on …

While Google’s explanatory documents have significantly improved over time, they often are still written at technical levels beyond the understanding of major subsets of users.

Significant and growing segments of the Google user population — including older and other special needs users who increasingly depend on Google services — feel left behind by key aspects of Google’s user interfaces — with visual designs (e.g. perceived low contrast layouts), hidden interface elements, and other primary usability aspects of growing concerns and angst.

These and other associated factors serve to undermine user trust in Google generally, with significant negative regulatory and political ramifications for Google itself, not only in the USA but around the world. This is all exacerbated by Google’s apparently deeply ingrained fear of “Streisand Effect” reactions to public statements.

It has frequently been noted that many organizations employ an “ombudsman” (or multiple persons fulfilling similar roles under this or other titles) to act as a form of broad, cross-team interface between individual corporate and/or team concerns and the concerns of the user community, typically in the contexts of products, services, and policy issues.

Google has apparently been resistant to this concept, with scalability concerns likely one key factor.

However, this perceived reaction may suggest a lack of familiarity with the wide range of ways in which ombudsman roles (or similar roles otherwise titled) may be tailored for different organizations, toward the goal of more effective communications overall.

An ombudsman is not necessarily a form of “customer support” per se. An employee filling an ombudsman role need not have any authority over decisions made by any teams, and may not even interact with users directly in many circumstances.

The ombudsman may be tasked primarily with internal, not external communications, in that they work to help internal teams understand the needs of users both in terms of those individual teams and broader cross-team scopes. In this context, their contribution to improved, effective public communications and perceptions of a firm are more indirect, but can still be of crucial importance, by helping to provide insights regarding user interactions, broader policies, and other issues that are not limited to individual teams’ everyday operational mandates.

An ombudsman can help teams to better understand how their decisions and actions are affecting users and the overall firm. The ombudsman may be dealing with classes and categories of user issues, rather than with individual users, yet the ombudsman is still acting as a form of liaison between users, individual teams, and the firm as a whole.

There are of course myriad other ways to structure such roles, including paradigms that combine internal and public-facing responsibilities. But the foundational principle is the presence of a person or persons whose primary responsibilities are to broadly understand the goals and dynamics of teams across Google, the scope of user community issues and concerns, and to assist those teams and Google management to better understand the associated interdependent dynamics in terms of the associated problems and practical solutions — and then help to deploy those solutions as appropriate.

Google’s users, the community at large, and Google itself would likely significantly benefit.


Google Users Who Want to Use 2-Factor Protections — But Don’t Understand How

In my “Questions I’m Asked About Google” #1 live video stream ( a few days ago, I emphasized the importance of protecting Google Accounts with Google’s excellent 2-factor authentication system.

In response I’ve received a bunch of queries from Google users who do not understand how to set this up or use it, even though they very much want to.

These concerns fall into a number of categories. Even though I explained that it’s safe to give your phone number to Google — Google won’t abuse it — many users are still resistant, and note that they do not see a way to activate Google 2-factor protection for other authentication mechanisms (e.g. Google Authenticator App and/or Backup Codes) without first providing their phone number information.

Others want to use their existing (non-Google) mail programs after activating Google 2-factor, but are utterly confused by Google’s “application-specific passwords” system that is required to do so.

When you’re trying to get users to take advantage of the best possible security, and have successfully convinced them that this is a good idea, but your documentation is still written in a way that many non-techie users dependent on your services cannot readily understand — you have a serious problem.

Despite positive strides at Google in terms of help center and other documentation resources, Google is still leaving vast numbers of their users behind.

Google can do better.