Month: January 2018

The monsters are everywhere — self-righteous sickos who laugh at other people’s misfortunes — the same kind of diseased personalities who slow down in traffic to take photos of horrific accidents and urge distressed persons on the edges of buildings to jump to their deaths.

And they’re online as well. Oh man, are they online. Worst of all perhaps, they’re extremely well represented among the tech community where I’ve spent my entire career, such as it’s been.

Perhaps this helps to explain why so many techies are so disdainful of non-techies, why so many software designers call the people using their systems by the pejorative “losers” rather than users or customers.

It certainly provides some insight into why many non-technical persons view our technical fields with so much disdain and distrust.

Lately I’ve been writing a lot about people being harmed — in some cases killed — by social media fads — e.g., in “YouTube’s Dangerous and Sickening Cesspool of ‘Prank’ and ‘Dare’ Videos” — https://lauren.vortex.com/2017/05/04/youtubes-dangerous-and-sickening-cesspool-of-prank-and-dare-videos — and other posts.

Inevitably, when I note the vast array of videos on YouTube, Facebook, and other sites that show individuals being burned, shocked, poisoned, crushed, or otherwise injured and sometimes killed in the name of challenges, dares, and dangerous pranks, there are always the Trumpian “wits” who chuckle in the comments about “Darwin Awards” and stupid people, and how this helps to improve the gene pool, and golly Lauren aren’t we clever to think up a comment like this?

I point out that the tragedies from ingesting toxic substances or playing with guns — or the array of other horrific pranks and dares that are easily found on these video platforms pulling in vast numbers of views — often involve suckering in for “social media fame” real people with actual families and loved ones, and frequently young people including sometimes very young children.

“Oh well, I’m not including children of course,” tends to come the belated reply — though it’s obvious that in reality their actual degree of caring about their fellow human beings is somewhere south of absolute zero.

I’ve discussed elsewhere my concerns regarding how YouTube fails to properly enforce their own published Terms of Service when it comes to hate speech and the sorts of videos I described above.

Google has recently announced a series of efforts relating to these and associated content areas, including significantly more humans in the abuse reporting loops — something I have long advocated as a crucial adjunct to the automated systems that by necessity must be the first line of defense for the vast firehose of video pouring into YouTube 24/7 from around the world.

As one of YouTube’s biggest fans — I make no bones about this fact! — I very much want to see Google succeed in these efforts. Frankly, I personally have doubts that they’re moving fast enough to avoid the increasing specter of politically motivated, heavy-handed government regulations that threaten the entire video ecosystem. But certainly Google’s trajectory in this regard is now positive.

In fact, my faith in Googlers is such that I’m certain that they can solve these problems if enough resources are devoted to them — provided that scheming politicians and their minions don’t get in the way.

I wish I could offer the same degree of confidence regarding human beings in general. Whenever I see them laughing and making their malignant comments regarding people injured or killed in online videos, I’m torn between vomiting and fantasizing of a means to send a brief pulse of high voltage back to these commenters’ keyboards over the Net.

Fortunately, we do have the ability to deal with the array of technological policy issues that seem so vexing, if we choose to seriously do so.

Unfortunately, human nature itself has barely advanced at all since the caves, and our powerful technologies tend to enable not only the best of humanity, but disproportionately even more so the very worst.

Be seeing you.

–Lauren–

I informally try to help quite a few Google users with their Google-related issues when I can. Many of these involve Google Account problems of one sort or another.

I’ve frequently written about why it’s so important to use Google’s 2-step verification systems, e.g. in: “Protecting Your Google Account from Personal Catastrophes” —https://lauren.vortex.com/2017/09/07/protecting-your-google-account-from-personal-catastrophes — and various other posts.

I’ve also noted some of the reasons why Google users tell me that they don’t use Google’s 2-step verification, e.g. in: “Google Users Who Want to Use 2-Factor Protections — But Don’t Understand How” —  https://lauren.vortex.com/2017/06/10/google-users-who-want-to-use-2-factor-protections-but-dont-understand-how — and related discussions.

Google recently announced that fewer than 1 in 10 Gmail users have 2-factor enabled on their Google accounts — so this is a very serious matter.

Yesterday, I was approached by a long-time reader who told me that he had long been trying — without success — to use 2-factor, had been unable to get assistance from Google in this regard, and wondered if I could help. Perhaps you’ve had the same problem.

This Google user needed to make use of various non-Google applications via his Google account, that seemingly would only function when his Google account had 2-factor disabled. 

Google actually has a mechanism (that I’ve routinely used myself) for dealing with this — though you may never have heard of it — called “application specific passwords” (aka “App passwords”). Using this system, you can assign secure passwords to these kinds of apps that will work with Google 2-factor enabled. 

But this user was unable to access the Google page for setting up these passwords:

https://security.google.com/settings/security/apppasswords

Whenever he tried, he received the obscure error message:

“The setting you are looking for is not available for your account.”

Hmm. Not very helpful. He got this message every time he tried, so he finally gave up on enabling 2-factor at all.

When I looked at this in detail, the solution turned out to be trivially simple, in retrospect. You can’t access the apps passwords page unless 2-factor is already turned on!

He’d been trying to use his apps with 2-factor on and always failed. So he turned 2-factor off. Then he learned about the apps passwords and wanted to set those up — but couldn’t reach the setup page. So he left 2-factor turned off (so that he could continue using his apps).

Chicken and egg!

Now, the fundamental problem here is obvious. That error message should have told him something like:

“You cannot use app passwords unless 2-factor is enabled.”

That would have given him the clue he needed to have immediately fixed this entire situation by himself. 

A similar situation exists for G Suite users, who must both have 2-factor enabled and have had their administrator enable “less secure apps” before they can reach the apps password page successfully.

Complicating this all a bit more is that changes to Google Account parameters don’t necessarily seem to always take effect immediately. It appears that sometimes there is a lag before all background systems apparently sync up. So for example, if you turn 2-factor on and immediately try a test that requires 2-factor, it might not work unless you’ve waited long enough after changing that parameter.

It’s really, really important to enable Google 2-factor. I can’t emphasize this enough. If issues with non-Google apps have been preventing you from using 2-factor up to now, please give it another try as described above. As always, I’m glad to try assist. Take care, all.

–Lauren–

I’ve been getting a bunch of queries from folks asking if I could provide any insight into alt-right darling James Damore’s class action lawsuit against Google. I have no personal knowledge of the circumstances of that suit, and so I have nothing to say about its specific allegations.

I do however have considerable insight into Google’s culture — I spent enough time inside Google several years ago to have a pretty clear sense of that.

While like any other firm Google isn’t perfect, Google in particular has a culture to be roundly applauded, not condemned — I believe the finest I’ve seen in any corporate environment during my career.

Let’s start with an obvious truth. 

White heterosexual males — like myself — don’t need any special protections in the USA. When you hear straight white males bitching about supposedly being discriminated against, you can be sure that nearly always these snowflakes (to borrow a term typically thrown against liberals by the alt-right) are actually upset about pushback regarding their own racism, antisemitism, or other expressed hate speech.

Unapologetic racists like Donald Trump and many of his followers falsely assert that left and right both use the same tactics.

That claim is indeed a lie. There is no organized structure of hate and false propaganda aimed at the right, while the right most certainly has devoted vast efforts to such attacks directed at the left, even beyond the right’s traditional hate groups such as the KKK and Nazis. There is no valid comparison.

Right-wing groups are upset that new fact checking systems on social media and search predominantly point out the lies on right-wing sites (as opposed to more left-oriented sites). The reason for this is simple and obvious — those right-wing sites are the primary sources of lying propaganda (and the vast majority of hate speech). You just don’t find anything comparable in scope on left-wing sites. That’s just a fact.

Which brings us back to Google.

Google has a remarkably freewheeling internal discussion culture. The great extent to which Googlers debate technical and policy issues inside Google is in fact vastly reassuring in ways I’d never seen anywhere else in my life. Within hours of first logging in, I was personally invited into several important discussion forums — I later joined many more — and I even started several discussion lists internally myself while I was there, on topics that I felt were important.

As in most other large firms today, there are many employees at Google who are not white, straight males like me. And it’s my personal belief that it’s essentially impossible for guys like me to truly understand what it’s like for women, for blacks, for LGBT individuals, and for other minorities who typically have little power in our country, many of whom live in fear of serious discrimination and even personal harm in the daily lives. They feel — with complete justification — that they are under constant threat.

Google’s culture is widely inclusive and celebratory of true diversity. This is enormously positive. It’s good for Google, it’s good for Google’s users, and it’s good for the broader community. I wish every large firm were equally forward-thinking in such regards.

But such inclusiveness does not imply that any firm need tolerate employees whose freely stated views are fundamentally hateful, sexist, racist, antisemitic, or otherwise divisive — often attacking the very groups that I described above who are most in need of protection.

This is not an issue of political viewpoints. It’s a matter of how so many white male conservatives attempt to camouflage their racial and other hateful animus in hypocritical claims of  being discriminated against, as if the rest of us were obligated to just stand by idly while they attempt to sabotage everything positive that we’ve built.

If you spend some time over on alt-right websites (not recommended shortly after eating), you’ll quickly learn that making false claims of “discrimination against whites” is a major bullet point high up in their playbooks. It’s explicitly seen as a way to inject racial and other divisiveness into firms (and society generally) without the need to buy white hoods or sew swastikas onto your clothing.

Don’t be fooled by alt-right rhetoric. White guys like me are at the top of the power food chain in the USA. Racist alt-right forces are explicitly working to falsely and deviously weaponize open discussions and anti-discrimination laws designed to protect the truly vulnerable, attempting to hideously mutate those laws into tools to spread hate, racism, and worse throughout our country and the world.

We should be honoring and supporting companies, organizations, and individuals who resist these efforts by haters to roll back the clock to the mindset of slavery, lynchings, and government-enforced white and male supremacy.

To do any less is to empower the worst part of our natures as Americans, and to surrender our great country to the real world forces of evil.

–Lauren–

As always when I talk about Google’s YouTube, I want to make one thing perfectly clear. I love YouTube. I consider it to be a gem in Google’s pantheon and one of the most important sites on the Internet. If YouTube vanished tomorrow I’d be devastated. And I’m a big fan of the many folks in the teams at Google (quite a few of whom I know personally) who keep the incredibly complex systems and machinery of YouTube running.

That all said, I fear for YouTube’s future — and what this could mean overall for Google and its users in the long run, since in many ways YouTube’s issues are representative of Google’s issues more broadly.

I’ve written a lot about various matters regarding YouTube before, of course. I’ve lauded the sublime educational and entertainment content, but have been deeply critical of hate speech; dangerous pranks, dares, and stunts; and user interface issues that I believe suppress users from easily reporting videos that are believed to be in violation of YouTube’s Terms of Service.

Lately YouTube has been under fire from an array of quarters, including various pandering politicians associated with national governments — some of whom have passed laws imposing potentially impractical “moderation” and takedown requirements, along with massive fine structures for infractions, that may ultimately threaten the entire YouTube model in significant ways.

Some aspects of this unfortunate dilemma are indeed of Google’s own making. Google has long tried to keep as much of a “hands-off” attitude regarding YouTube content as possible, for a variety of reasons — some very valid, others significantly less so. 

But there’s no question that Google has a right and duty to enforce YouTube’s published terms of service regarding acceptable content, and the uneven manner in which this has typically occurred has left gaping openings for Google haters to leverage. This is certainly not to suggest that applying their terms of service is easy at the massive scale of YouTube — but even taking scale into account and looking only at specific highly publicized incidents involving videos and YouTube creators with enormous numbers of subscribers and video views, the issues persist.

Another aspect of YouTube’s problems is also intrinsic to Google itself, in terms of how they choose to communicate with the public at large. 

Google’s public communications apparatus has always been much more focused on dealing with tech media than with ordinary non-tech forms of media that are more likely to reach relatively non-techie users in ways that those users and the broader community will genuinely understand. Nowadays, with the many powerful forces aligning against Google, especially at the government level, this just isn’t good enough.

Google tends to communicate policy issues mostly through blog posts and emails with the tech trade press, and rarely offline. In the case of a YouTube controversy over the last few days, Google used a series of Twitter tweets to apologize for a long delay in addressing a very controversial issue — already an international story — involving a highly-ranked YouTube star. More than a bit ironic, to say the least.

Except mainly in terms of technical developer liaisons, Google hasn’t really had representatives of their own out in the “real world” with the specific role of interacting directly with the ordinary public regarding everyday and more controversial Google-related policy issues through the wide array of both online and offline discussion forums or mainstream media like radio and television (though Google’s recent hiring of Danny Sullivan as a search division adviser/liaison is indeed a welcome move in the specific context of search issues).

But in the broader scope of YouTube and Google more generally, the lack of effective ongoing public communications outside the boundaries of Google’s traditionally limited “comfort zone” risks costing Google and its users dearly in the long run. 

Google is full of great people in every respect — but they are now facing escalating adversarial relationships with governments and others — including competitors and the outright Google haters — who are exceedingly skilled at political and mass media public communications of the cutthroat variety — and unless Google significantly improves their game in this sphere they could very well come out on the losing end.

And that would likely be a disaster for Google, for the Internet, and for billions of individuals around the world, leaving us increasingly vulnerable to the “tender mercies” of government and other forces hellbent on remaking the Net in their own images of government-dictated censorship and politically-motivated, government-mandated information control.

It’s a battle that neither Google — nor the rest of us — can afford to lose.

–Lauren–

Greetings. As I’ve noted in posts such as:

The Google Account “Please Help Me!” Flood: https://lauren.vortex.com/2017/09/12/the-google-account-please-help-me-flood

Protecting Your Google Account from Personal Catastrophes:
https://lauren.vortex.com/2017/09/07/protecting-your-google-account-from-personal-catastrophes

and in various other associated missives, I’m nearly constantly being approached for informal assistance by Google users who are having problems accessing their Google accounts. Many are in a panic. Some call me on the phone and are literally crying — their whole lives are pretty much on Google and they’re desperate. Sometimes they find me from articles I’ve written or from radio discussions, in other instances via word of mouth.

I try to help when I can. I can offer direct advice to some of them (especially if they haven’t been “hard” locked out of their accounts through continued “thrashing” around on their part), for others in some situations I’m able to help them reach Google support personnel for their issues.

But I’m just one guy here in L.A. — I don’t scale well to the scope of these problems — nor do I have any official connection with Google these days.

While Google indeed offers various proactive means to protect your Google accounts, the plain truth is that many users don’t use them. In many cases, they’ve never even heard of them — or they don’t understand them.

With so much of so many people’s personal lives now dependent on Google’s great services, loss of access to your account can be devastating, and regaining access — especially if you don’t fully understand what’s going on, can be a frustrating exercise in futility.

I’ve talked in the past about the shortcomings in Google’s account recovery flows and how they affect ordinary users — it’s a very complex area. Let’s leave this aside for the moment.

Let’s instead ask the more fundamental question — how can we help Google users of all sorts — not just relatively young techies — avoid problems with their Google accounts in the first place? Remember, all sorts of persons from all walks of life, including growing numbers of the elderly in a rapidly aging overall population, are very much dependent on Google these days.

The most common ad hoc “solution” to this class of problems is telling someone else — for example a family member or friend — your Google username and password credentials. This is not at all uncommon. But from a security and privacy perspective, it’s awful.

Someone else who has your credentials has total access to your Google account and all related services, at identical privilege levels as yourself across the board. Good security practices strongly suggest that only providing minimum necessary access to third parties is by far the desirable procedure, but in the current context of Google accounts that really isn’t possible — it’s all or nothing.

Still, as an alternative to a user getting confused and losing data or getting locked out of their account (or otherwise disrupting their essential Google services), handing someone else your Google credentials is frequently seen as the only practical course of action.

In fact, there’s a significant number of Google users who have given me their Google credentials for this purpose — for some I also act as their account recovery address and I deal with their 2-factor verifications as well.

I don’t like doing this. Again, it’s awful from a privacy and security standpoint. But I won’t leave these users out in the cold.

To be sure, none of these problems are trivial to solve, especially at Google scale.

There is a better way though, that would be extremely useful for Google to implement — a concept that various other online services should consider using as well.

I propose that Google seriously explore solving this class of problems in a more controlled and structured manner, by creating a formal “Google account delegation” system.

Such a system would permit a user to delegate (that is, share with third parties in a controlled manner) specific permissions and capabilities (either individually and/or in logical groupings) for access to various aspects of the user’s Google account.

This would allow a designated third party to provide the kinds of ongoing assistance that many users desire and require — including but not limited to helping the user avoid errors that could disrupt their account access or usage in various ways — but without the need to share their primary, full Google credentials with those third parties as would be necessary today.

Delegated capabilities and permissions would be revocable by the user at any time.

I won’t in this post get into the details (to which I’ve given quite a bit of thought!) regarding what would be involved in making a concept like this deploy successfully in practice — it involves various layers ranging from upper level account capabilities down through specific Google services permissions. It’s certainly not simple but is wholly within Google’s abilities.

Given the vast numbers of persons who now depend on Google in so many ways, it makes enormous sense that these users should — if they so desire — be able to delegate specific aspects of their Google accounts to trusted individuals who could help them to manage those accounts and related services effectively, and in particular help them to avoid mistakes that can cause extremely upsetting situations such as accidentally deleted data and account lockouts, to name but two common scenarios.

Google account delegation options would be great for Google’s users, for Google itself, and for the broader community.

Google can do this.

–Lauren–

UPDATE: Please see Meltdown and Spectre for important additional information regarding Intel and other affected processors, including AMD and ARM in specific situations.

– – –

Just a very few quick words about a new Intel CPU security problem. You may have heard that a new, serious security bug has been discovered in generations of Intel CPU chips used in most consumer and business computers. I won’t get into the technical details here right now, but it’s a mess. The good news is that fixes will be rolling out in operating system updates (if you have computers that are still getting updates, that is!) — there’s nothing for most users to do themselves to manually deal with this — but these fixes will significantly degrade the performance of affected systems.

Users of computers with AMD CPU chips are (as far as we know currently) not vulnerable to this particular security bug. However, it is possible that some operating system updates to fix the Intel bug will have the side effect of unnecessarily reducing the performance of AMD CPU chips as well, if those patches don’t differentiate between the two different manufacturers. Obviously, AMD is working hard to avoid this situation in the CPU bug fix patches being developed and deployed by various entities to fix the Intel bug.

Intel has released a statement claiming that the same class of exploits can affect other CPU manufacturers. One of my readers wrote to tell me that while the specific issue now being patched does not affect AMD CPU chips, information about the broader exploit class (and other related problems that may involve manufacturers other than Intel) could be going public shortly. I do not have independent confirmation regarding these broader issues at this time.

I’ll say more about this all as additional information becomes available.

–Lauren–

UPDATE: Please see Meltdown and Spectre for important additional information regarding Intel and other affected processors, including AMD and ARM in specific situations.

Given the furor that has erupted in the wake of the latest infantile and dangerous tweet from Donald Trump — yesterday’s already infamous “my nuclear button is bigger than your nuclear button” tweet directed at the leader of the unstable and unpredictable nuclear-armed dictatorship of North Korea, I would assert that a Twitter thought experiment is in order.

We’ll draft a figure from history — Adolf Hitler (you remember him, right?) — to complete our tyrant triad along with Donald Trump and Kim Jong-un. We’ll be talking about the actual Adolf himself here, so “Godwin’s law” prohibitions against inappropriate Hitler analogies will not apply.

OK, boys and girls, let’s begin the thought experiment.

The Big Question that comes up after so many of Trump’s tweets is why do so many Twitter users posting far less provocative content have their Twitter accounts temporarily or permanently disabled or terminated, while an individual literally threatening nuclear war — about as provocative as you can get — continues to tweet with impunity?

Twitter’s legal and policy teams have a ready answer — they point to clauses in their terms of service that provide exceptions for “newsworthy” tweets.  They also exempt public office holders elected through “democratic elections.”

Interestingly, tweets from Donald Trump would seem to conveniently fall into both of these policy buckets. Ironically, so would tweets from Adolf Hitler.

One certainly couldn’t argue that Hitler’s tweets wouldn’t have been newsworthy. And yes, Hitler was democratically elected. While he was appointed chancellor of Germany in January 1933 by President Hindenburg, he was elected to the presidency in a plebiscite vote in 1934 after Hindenburg died.

Bottom line: By Twitter, Inc. standards, anything Hitler might have tweeted would be golden.

Yet we know what’s really going on with these Twitter terms of service standards — it’s all about “engagements” — likes and reshares — and the income to Twitter that results. Twitter is terrified of cutting off those income streams by upsetting large chunks of Twitter users (such as Trump’s base of racist and antisemitic followers).

The fact that Twitter is putting money ahead of ethics and public safety shouldn’t surprise us — they’re on firm historical footing.

During the rise of the Third Reich, entire major firms — like IBM — knowingly provided resources to accelerate National Socialism’s Nazi evils, as did entire countries, like Switzerland.

So the next time that Twitter gets asked about their terms of service in the context of Trump, perhaps they might want to point to Adolf and Friends as an explanatory precedent.

I suspect though that Hitler’s Twitter feed would have looked a lot different than Trump’s. For one thing, Adolf was far more intelligent and mature than Trump overall, and I’ll bet that the lion’s share of Hitler’s Twitter posts would have typically been relatively adult and subtle compared against Trump’s third grade rants (no offense meant to third-graders).

So I doubt very much that we’d have seen tweeted photos of Jews, gypsies, and others being stuffed into boxcars on the way to the death camps, nor images of his victims in the millions piled into ditches or burning in crematoriums.

More likely, we’d have seen carefully worded tweets on political issues and lots of animal photos — Hitler was indeed a dog lover and many shots of Adolf and his dogs still exist today.

It would have been an interesting Twitter feed. I might have followed it myself.

Of course this would have belied the truth of what was actually going on, as the world was well aware — and largely attempted to ignore — as the Reich rose to power and implemented its murderous policies.

By any logical analysis, the decision to remove Trump from Twitter should be far easier for Twitter than it would have been for dealing with @realAdolfHitler (by the way, a Twitter account with that handle has existed since 2009, but has never tweeted to date).

After all, while Hitler was smart enough to be fairly constrained in his public statements when he felt that this served his own purposes, Trump’s continuing Twitter streams of deranged nuclear threats and sociopathic, senile ramblings are front and center on Twitter — and Twitter is making a mint from them.

It has been argued that letting Trump rant on Twitter will be his ultimate downfall — creating all manner of potential legal problems for him in the future.  Perhaps so.

However, I draw the line when it comes to threats of nuclear war and the potential deaths of millions or billions of people.

It’s time for Twitter to call a halt to this madness. They are not merely bystanders in this nightmare, they are active participants, enablers, and unethical beneficiaries.

Twitter, it’s time for you to do the right thing and dump Trump.

By doing so, you might even save the world.

–Lauren–